volatilityfoundation / volatility

An advanced memory forensics framework
http://volatilityfoundation.org/
GNU General Public License v2.0

Issues with yarascan module #732

Closed MassiveParity closed 4 years ago

MassiveParity commented 4 years ago

Excuse me, as I am new to memory forensics and utilization of the Volatility platform. When using the yarascan module and passing the argument for the rule.yar file I am getting error(s).

```
sansforensics@siftworkstation: ~/Documents $ vol.py -f mem.img --profile=Win7SP1x64 yarascan -Y all_yara_rules.yar
Volatility Foundation Volatility Framework 2.6.1
Traceback (most recent call last):
  File "/usr/local/bin/vol.py", line 192, in <module>
    main()
  File "/usr/local/bin/vol.py", line 174, in main
    command = cmds[module](config)
  File "/usr/local/lib/python2.7/dist-packages/volatility/plugins/malware/malfind.py", line 190, in __init__
    help = 'Make the search case insensitive')
  File "/usr/local/lib/python2.7/dist-packages/volatility/conf.py", line 363, in add_option
    self.optparser.add_option("-{0}".format(short_option), "--{0}".format(option), **args)
  File "/usr/lib/python2.7/optparse.py", line 1021, in add_option
    self._check_conflict(option)
  File "/usr/lib/python2.7/optparse.py", line 996, in _check_conflict
    option)
optparse.OptionConflictError: option -C/--case: conflicting option string(s): -C
```

Am I using incorrect syntax for the module or is something else wrong?

MassiveParity commented 4 years ago

Found a reference to updating two items in the malfind.py module. This resolved the issue. -C to -c and -Y to -U, lines 189/195 I believe.
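The error in the traceback is standard optparse behaviour and can be reproduced stand-alone. The block below is an added example, not Volatility's code: it builds a parser with a constructed global option that already owns the short flag -C, shows the plugin-style `--case` option colliding with it exactly as the traceback reports, and shows the same registration succeeding once the short flags are changed, which is the fix the last comment describes. The `--hypothetical-global` flag, the `--yara-rules` option name and the rules file name are assumptions made for the demonstration.

```python
import optparse

# Constructed stand-in for the framework's global option table. Volatility's
# real parser is not reproduced here; the only thing that matters is that some
# option already owns the short flag '-C', which is what the traceback shows.
GLOBAL_OPTIONS = [
    ("-C", "--hypothetical-global", "hypothetical global option that already owns -C"),
]


def make_base_parser():
    """Build a parser with the constructed global options pre-registered.

    conflict_handler="error" is optparse's default; it is spelled out so the
    source of the OptionConflictError is visible.
    """
    parser = optparse.OptionParser(conflict_handler="error")
    for short, long_, help_text in GLOBAL_OPTIONS:
        dest = long_.lstrip("-").replace("-", "_")
        parser.add_option(short, long_, dest=dest, help=help_text)
    return parser


def register_yarascan_options(parser, case_short="-C", rules_short="-Y"):
    """Register plugin-style options the way a yarascan-like plugin would.

    The defaults are the pre-fix short flags; pass case_short="-c" and
    rules_short="-U" to mirror the change described in the thread.
    """
    parser.add_option(rules_short, "--yara-rules", dest="yara_rules",
                      help="YARA rules file (assumed option name)")
    parser.add_option(case_short, "--case", dest="case", action="store_true",
                      default=False, help="Make the search case insensitive")
    return parser


def try_register(case_short, rules_short):
    """Return ("ok", parser) or ("conflict", message) instead of crashing.

    The message for the conflicting case is the same string optparse printed
    in the traceback above.
    """
    parser = make_base_parser()
    try:
        register_yarascan_options(parser, case_short, rules_short)
    except optparse.OptionConflictError as exc:
        return "conflict", str(exc)
    return "ok", parser


def parse_yarascan_args(argv, case_short="-c", rules_short="-U"):
    """Parse a plugin command line with the non-conflicting short flags."""
    status, result = try_register(case_short, rules_short)
    if status != "ok":
        raise RuntimeError(result)
    opts, _ = result.parse_args(argv)
    return opts.yara_rules, bool(opts.case)


if __name__ == "__main__":
    # Before the fix: '-C' collides with the global option.
    print(try_register("-C", "-Y"))
    # After the fix: '-c' and '-U' are free, so parsing succeeds.
    print(parse_yarascan_args(["-U", "rules.yar", "-c"]))
```

Running the block prints the conflict tuple first, then the parsed (rules file, case-insensitive) pair. The point for anyone hitting this on their own install is that the collision is decided at option-registration time, before any argument is parsed, so the error appears no matter what syntax is passed on the command line; only the short flag names in the plugin (or the global table) decide it.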